12/14/2012

Turkmen Secret Police Hack Independent Turkmen Website

The logo of Chronicles of Turkmenistan, the publication of the Turkmen Initiative for Human Rights

For the third time this year, the website Chronicles of Turkmenistan at chrono-tm.org has been hacked, and has been down for over three days.

Past hacks have been nasty, but this was likely the nastiest and most enduring to date -- the site was disabled, but then pornographic pictures were put up in its place, and insults of the site's manager, Farid Tuhbatullin and his sons.

They also have a Facebook page -- but they warn readers that "layki" (i.e. "likes," which sounds like the word "barks" in Russian!) could reveal users' interest in independent Turkmen news to the authorities.

I was wondering if perhaps this hack was related to the 10th anniversary -- which was November 25 -- but it came somewhat later.

The site owners believe it was related to a report they published about the death of two Turkmen students pressed into unpaid state service in one of those huge mass productions of people singing and dancing for the dictator on a state holiday. The two young men died after falling ill at the parade rehearsal -- they were ordered to dress lightly and it was cold, and they worked long hours.

Chrono-tm.org reported that the mass performance was cancelled after the deaths, but I see various official ceremonies still went forward on or around December 12 for "Neutrality Day," as the Turkmen state calls the day in which it pretends that it hasn't been supine to -- at various times and places and sometimes to all four at once -- China, Russia, Iran, and the United States (in that order).

I winced because we spent the last ten years trying patiently to make a distinction between the Turkmen human rights movement in exile and the opposition in exile. For some, this might be a distinction without a difference, and it's blended in the case of other groups, but since it can be a matter of literally life or death and how the regime targets them, it seemed like it was worth making.

Truly, an opposition group is different than a human rights group, even though with a country like Turkmenistan, even the mildest human rights documentation is going to feel "political" to the regime and feel like a threat to their power, and then feel like "opposition". That's why you get Putin threatening human rights groups and charities under the "foreign agents" act. A group like the TIHR starts out trying merely to keep the record and tell the story and giving voices to others, but soon, due to the constant assaults on themselves they are driven into a corner next to the opposition, such as it is, which isn't much for Turkmenistan -- the secret police is pretty thorough.

It would have been easy to make a tiny opposition party, or an opposition group with a newspaper, or just an exiles club that took vocal political positions -- there are a number of them scattered around the world.

But Farid and his colleagues specifically made the Turkmen Initiative for Human Rights -- a modest name that doesn't indicate any institutionalization or global ambitions -- because they saw the task with Turkmenistan to be much more basic than making a lonely and likely small exile party -- the very task of free flow of information itself about this closed, authoritarian nation located between Iran, Uzbekistan and Afghanistan and tracked through by the great powers.

The TIHR haven't made a political program nor do they create manifestos about how they would like to see their homeland arranged -- all of that is premature in any event as the dictator isn't going anywhere and civil society is essentially crushed. Instead, they tried to simply publish the news, accompanied by commentary from different perspectives and even humorous Youtube videos and cartoons.

So here's my stern request to those who have supported and helped this site: you have to step up and do better than this.

It's no good blaming the victim and indulging in knowier-than-thou pronouncements about how people who are hacked haven't attended to their craft or their security.

I recall seeing one of the hacks and it looked like a common SQL injection hack which might have been prevented, but some of these other assaults are more serious and sophisticated and devastating -- as only hacks from a state with resources can be. And yes, it's certain that the Turkmen secret police hacked this site. Do you know anyone else who would care about a Turkmen exiles' site enough to hack it? Okay, then, let's stop the pretend-impartial speculation.

I'm aware also of a past well-intentioned but unexpectedly inept attempt to help that ended in making things worse, and that shouldn't have happened.

What's needed here isn't the most sophisticated white-hat nerds to resist attacks, or "free" open source software that starts a meter running of coders at $50/hour; what's needed likely is a simple commercial site like Typepad or other services that have scores of engineers that do nothing all day but fend off attacks for you as they protect their sites overall. These engineers at commercial platforms have gotten very good at deflecting and resisting hackers -- and mopping up after them quickly when they occur. So that's what's needed, along with the support to sustain it.

Again, this site is way too important to let it be victimized so that someone can make them an object lesson for their security training workshops. Citizens' journalists and exile publishers shouldn't have to be bogged down in worrying about the mechanics of a web site, which after all, are just like plumbing or garage mechanics and not magical unicorn spells only the secretly initiated can learn.

Meanwhile, the web owners are "routing around" as the Internet always does when it faces censorship and providing some alternatives on Twitter, Facebook, and another blog page. Let's hope they get back up to speed again!

Comments

The logo of Chronicles of Turkmenistan, the publication of the Turkmen Initiative for Human Rights

For the third time this year, the website Chronicles of Turkmenistan at chrono-tm.org has been hacked, and has been down for over three days.

Past hacks have been nasty, but this was likely the nastiest and most enduring to date -- the site was disabled, but then pornographic pictures were put up in its place, and insults of the site's manager, Farid Tuhbatullin and his sons.

They also have a Facebook page -- but they warn readers that "layki" (i.e. "likes," which sounds like the word "barks" in Russian!) could reveal users' interest in independent Turkmen news to the authorities.

I was wondering if perhaps this hack was related to the 10th anniversary -- which was November 25 -- but it came somewhat later.

The site owners believe it was related to a report they published about the death of two Turkmen students pressed into unpaid state service in one of those huge mass productions of people singing and dancing for the dictator on a state holiday. The two young men died after falling ill at the parade rehearsal -- they were ordered to dress lightly and it was cold, and they worked long hours.

Chrono-tm.org reported that the mass performance was cancelled after the deaths, but I see various official ceremonies still went forward on or around December 12 for "Neutrality Day," as the Turkmen state calls the day in which it pretends that it hasn't been supine to -- at various times and places and sometimes to all four at once -- China, Russia, Iran, and the United States (in that order).

I winced because we spent the last ten years trying patiently to make a distinction between the Turkmen human rights movement in exile and the opposition in exile. For some, this might be a distinction without a difference, and it's blended in the case of other groups, but since it can be a matter of literally life or death and how the regime targets them, it seemed like it was worth making.

Truly, an opposition group is different than a human rights group, even though with a country like Turkmenistan, even the mildest human rights documentation is going to feel "political" to the regime and feel like a threat to their power, and then feel like "opposition". That's why you get Putin threatening human rights groups and charities under the "foreign agents" act. A group like the TIHR starts out trying merely to keep the record and tell the story and giving voices to others, but soon, due to the constant assaults on themselves they are driven into a corner next to the opposition, such as it is, which isn't much for Turkmenistan -- the secret police is pretty thorough.

It would have been easy to make a tiny opposition party, or an opposition group with a newspaper, or just an exiles club that took vocal political positions -- there are a number of them scattered around the world.

But Farid and his colleagues specifically made the Turkmen Initiative for Human Rights -- a modest name that doesn't indicate any institutionalization or global ambitions -- because they saw the task with Turkmenistan to be much more basic than making a lonely and likely small exile party -- the very task of free flow of information itself about this closed, authoritarian nation located between Iran, Uzbekistan and Afghanistan and tracked through by the great powers.

The TIHR haven't made a political program nor do they create manifestos about how they would like to see their homeland arranged -- all of that is premature in any event as the dictator isn't going anywhere and civil society is essentially crushed. Instead, they tried to simply publish the news, accompanied by commentary from different perspectives and even humorous Youtube videos and cartoons.

So here's my stern request to those who have supported and helped this site: you have to step up and do better than this.

It's no good blaming the victim and indulging in knowier-than-thou pronouncements about how people who are hacked haven't attended to their craft or their security.

I recall seeing one of the hacks and it looked like a common SQL injection hack which might have been prevented, but some of these other assaults are more serious and sophisticated and devastating -- as only hacks from a state with resources can be. And yes, it's certain that the Turkmen secret police hacked this site. Do you know anyone else who would care about a Turkmen exiles' site enough to hack it? Okay, then, let's stop the pretend-impartial speculation.

I'm aware also of a past well-intentioned but unexpectedly inept attempt to help that ended in making things worse, and that shouldn't have happened.

What's needed here isn't the most sophisticated white-hat nerds to resist attacks, or "free" open source software that starts a meter running of coders at $50/hour; what's needed likely is a simple commercial site like Typepad or other services that have scores of engineers that do nothing all day but fend off attacks for you as they protect their sites overall. These engineers at commercial platforms have gotten very good at deflecting and resisting hackers -- and mopping up after them quickly when they occur. So that's what's needed, along with the support to sustain it.

Again, this site is way too important to let it be victimized so that someone can make them an object lesson for their security training workshops. Citizens' journalists and exile publishers shouldn't have to be bogged down in worrying about the mechanics of a web site, which after all, are just like plumbing or garage mechanics and not magical unicorn spells only the secretly initiated can learn.

Meanwhile, the web owners are "routing around" as the Internet always does when it faces censorship and providing some alternatives on Twitter, Facebook, and another blog page. Let's hope they get back up to speed again!